LINUX distributor Red Hat has warned about an email scam designed to lure users of its open source software to download a fake update.

The emails appear to come from Red Hat's security team and urge users to download and run a supposed update from their home directory. The update appeared to contain malicious code, Red Had said in an online security advisory.

"Official messages from the Red Hat security team are never unsolicited, are always sent from the address secalert@redhat.com and are digitally signed by GPG," the advisory said.

"All official updates for Red Hat products are digitally signed and should not be installed unless they are correctly signed and the signature is verified."